Add forwarded headers on entry point configuration

2019-01-15 09:44:03 +01:00 · 2019-01-15 09:44:03 +01:00 · a79d6aa669
commit a79d6aa669
parent 7efafa5a2c
9 changed files with 239 additions and 23 deletions
--- a/server/server_entrypoint.go
+++ b/server/server_entrypoint.go
@ -17,6 +17,7 @@ import (
 	"github.com/containous/traefik/ip"
 	"github.com/containous/traefik/log"
 	"github.com/containous/traefik/middlewares"
+	"github.com/containous/traefik/middlewares/forwardedheaders"
 	"github.com/containous/traefik/old/configuration"
 	traefiktls "github.com/containous/traefik/tls"
 	"github.com/containous/traefik/tls/generate"
@ -30,15 +31,22 @@ type EntryPoints map[string]*EntryPoint

 // NewEntryPoint creates a new EntryPoint
 func NewEntryPoint(ctx context.Context, configuration *static.EntryPoint) (*EntryPoint, error) {
-	logger := log.FromContext(ctx)
 	var err error

-	router := middlewares.NewHandlerSwitcher(buildDefaultHTTPRouter())
+	switcher := middlewares.NewHandlerSwitcher(buildDefaultHTTPRouter())
+	handler, err := forwardedheaders.NewXForwarded(
+		configuration.ForwardedHeaders.Insecure,
+		configuration.ForwardedHeaders.TrustedIPs,
+		switcher)
+	if err != nil {
+		return nil, err
+	}
+
 	tracker := newHijackConnectionTracker()

 	listener, err := buildListener(ctx, configuration)
 	if err != nil {
-		logger.Fatalf("Error preparing server: %v", err)
+		return nil, fmt.Errorf("error preparing server: %v", err)
 	}

 	var tlsConfig *tls.Config
@ -56,11 +64,11 @@ func NewEntryPoint(ctx context.Context, configuration *static.EntryPoint) (*Entr
 	}

 	entryPoint := &EntryPoint{
-		httpRouter:              router,
+		switcher:                switcher,
 		transportConfiguration:  configuration.Transport,
 		hijackConnectionTracker: tracker,
 		listener:                listener,
-		httpServer:              buildServer(ctx, configuration, tlsConfig, router, tracker),
+		httpServer:              buildServer(ctx, configuration, tlsConfig, handler, tracker),
 		Certs:                   certificateStore,
 	}

@ -76,7 +84,7 @@ type EntryPoint struct {
 	RouteAppenderFactory    RouteAppenderFactory
 	httpServer              *h2c.Server
 	listener                net.Listener
-	httpRouter              *middlewares.HandlerSwitcher
+	switcher                *middlewares.HandlerSwitcher
 	Certs                   *traefiktls.CertificateStore
 	OnDemandListener        func(string) (*tls.Certificate, error)
 	TLSALPNGetter           func(string) (*tls.Certificate, error)